NWI-IMC069
Security and Privacy of Machine Learning
Course module: NWI-IMC069
Credits (ECTS): 6
Category: MA (Master)
Language of instruction: English
Offered by: Radboud University; Faculty of Science; Informatica en Informatiekunde
Lecturer(s)
Coordinator: dr. S. Picek
Lecturer: dr. S. Picek
Contact person for the course: dr. S. Picek
Examiner: dr. S. Picek
Academic year: 2022
Period: KW3-KW4 (30/01/2023 to 31/08/2023)
Starting block: KW3
Course mode: full-time
Remarks: -
Registration using OSIRIS: Yes
Course open to students from other faculties: Yes
Pre-registration: No
Waiting list: No
Placement procedure: -
Aims
At the end of the course, students can:
  • understand different failure modes in machine learning and explain types of compromises;
  • explain currently known attacks (evasion attacks, poisoning, model inversion, membership inference) and associated defenses;
  • carry out evasion and perturbation attacks in various types of neural networks and input domains;
  • use machine learning and security techniques;
  • evaluate privacy risks when deploying machine learning algorithms.

Content
Machine learning has accomplished significant advances and produced a broad spectrum of approaches used in diverse application domains. The use of machine learning also has negative effects and brings new challenges.
Indeed, deploying machine learning in real-world systems requires complementary technologies to ensure that it maintains its security and privacy goals.
Numerous works show how machine learning can fail under various attacks. This is not surprising, as machine learning is commonly not designed to be secure against threats such as poisoning attacks, backdoor attacks, model stealing, membership inference attacks, and perturbation attacks.
What is more, modern systems are becoming increasingly complex, and they gather (and expose) increasing amounts of data. Such information can be extracted from the content, but also from metadata. The privacy concerns stemming from the pervasiveness of online services and mobile devices have put privacy technologies in the spotlight.

This course treats the security and privacy aspects of machine learning, types of compromises, and attack and defense techniques, especially evasion and poisoning attacks. We cover various machine learning algorithms, including state-of-the-art methods.

The course includes practical lab assignments where students perform attacks on different machine learning algorithms and assess the defense mechanisms.

Level

Presumed foreknowledge

Test information
Final exam and lab/homework assignments.

In accordance with the Rules and Regulations, the grade for the written exam should be a minimum of 5.0.

Specifics
The course includes practical lab assignments where students perform attacks on different machine learning algorithms and assess the defense mechanisms.
Instructional modes
Course
Attendance mandatory: Yes

Tests
Final exam
Test weight: 7
Test type: Exam
Opportunities: Block KW4, Block KW4

Lab/Homework assignments 1
Test weight: 1
Test type: Assignment
Opportunities: Block KW4, Block KW4

Lab/Homework assignments 2
Test weight: 1
Test type: Assignment
Opportunities: Block KW4, Block KW4

Lab/Homework assignments 3
Test weight: 1
Test type: Assignment
Opportunities: Block KW4, Block KW4